Skip to content
Terraform: GitHub resources

🛂 Update data-platform #1818

Sign in to view logs

🛂 Update data-platform

🛂 Update data-platform #1818

Workflow file for this run

.github/workflows/terraform-github.yml at 192feb0
name: "Terraform: GitHub resources"
on:
push:
paths:
- 'terraform/github/**'
- '.github/workflows/terraform-github.yml'
- 'environments/**.json'
branches:
- main
pull_request:
paths:
- 'terraform/github/**'
- '.github/workflows/terraform-github.yml'
- 'environments/**.json'
branches:
- main
types: [opened, edited, reopened, synchronize]
schedule:
# * is a special character in YAML so you have to quote this string
# trigger every Saturday at 12:00am
- cron: '0 12 * * 6'
workflow_dispatch:
defaults:
run:
shell: bash
permissions:
id-token: write # This is required for requesting the JWT
contents: read # This is required for actions/checkout
jobs:
github-plan-and-apply:
runs-on: ubuntu-latest
env:
TF_VAR_github_token: ${{ secrets.TERRAFORM_GITHUB_TOKEN }}
TF_IN_AUTOMATION: true
AWS_REGION: "eu-west-2"
ENVIRONMENT_MANAGEMENT: ${{ secrets.MODERNISATION_PLATFORM_ENVIRONMENTS }}
steps:
- name: Checkout Repository
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
- name: Set Account Number
run: echo "ACCOUNT_NUMBER=$(jq -r -e '.modernisation_platform_account_id' <<< $ENVIRONMENT_MANAGEMENT)" >> $GITHUB_ENV
- name: Configure AWS Credentials
uses: aws-actions/configure-aws-credentials@010d0da01d0b5a38af31e9c3470dbfdabdecca3a # v4.0.1
with:
role-to-assume: "arn:aws:iam::${{ env.ACCOUNT_NUMBER }}:role/github-actions"
role-session-name: githubactionsrolesession
aws-region: ${{ env.AWS_REGION }}
- name: Set up Terraform
uses: hashicorp/setup-terraform@a1502cd9e758c50496cc9ac5308c4843bcd56d36 # v3.0.0
with:
terraform_version: "~1"
terraform_wrapper: false
- name: terraform init
run: bash scripts/terraform-init.sh terraform/github
- name: terraform plan
run: bash scripts/terraform-plan.sh terraform/github
- name: terraform apply
if: github.event.ref == 'refs/heads/main'
run: bash scripts/terraform-apply.sh terraform/github
- name: Slack failure notification
if: ${{ failure() && github.ref == 'refs/heads/main' }}
uses: slackapi/slack-github-action@e28cf165c92ffef168d23c5c9000cffc8a25e117 # v1.24.0
with:
payload: |
{"blocks":[{"type": "section","text": {"type": "mrkdwn","text": ":no_entry: Failed GitHub Action:"}},{"type": "section","fields":[{"type": "mrkdwn","text": "*Workflow:*\n<${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}|${{ github.workflow }}>"},{"type": "mrkdwn","text": "*Job:*\n${{ github.job }}"},{"type": "mrkdwn","text": "*Repo:*\n${{ github.repository }}"}]}]}
env:
SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
SLACK_WEBHOOK_TYPE: INCOMING_WEBHOOK
create-github-environments:
runs-on: ubuntu-latest
needs: [ github-plan-and-apply ]
steps:
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
with:
fetch-depth: 0 # or "2" To retrieve the preceding commit.
- name: Create GitHub member environments
if: github.event.ref == 'refs/heads/main'
run: bash ./scripts/git-create-environments.sh
env:
TERRAFORM_GITHUB_TOKEN: ${{ secrets.TERRAFORM_GITHUB_TOKEN }}
- name: Slack failure notification
if: ${{ failure() }}
uses: slackapi/slack-github-action@e28cf165c92ffef168d23c5c9000cffc8a25e117 # v1.24.0
with:
payload: |
{"blocks":[{"type": "section","text": {"type": "mrkdwn","text": ":no_entry: Failed GitHub Action:"}},{"type": "section","fields":[{"type": "mrkdwn","text": "*Workflow:*\n<${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}|${{ github.workflow }}>"},{"type": "mrkdwn","text": "*Job:*\n${{ github.job }}"},{"type": "mrkdwn","text": "*Repo:*\n${{ github.repository }}"}]}]}
env:
SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
SLACK_WEBHOOK_TYPE: INCOMING_WEBHOOK